Skip to content

Privacy News: October 6

A new book from Danielle Citron, a new paper from Ari Waldman, Post-Roe privacy, and more!

A road sign with the word News

Before we get to news around the web, a couple of updates here on The Nexus of Privacy:

The US Needs to Recognize Intimate Privacy as a Civil Right

Danielle Keats Citron on WIRED (

In a story adepted from Professor Citron's new book The Fight for Privacy: Protecting Dignity, Identity, and Love in the Digital Age, she pushes back on the framing that privacy is just consumer protection issue. Instead she looks at how it’s inextricably linked to equality, with urgent implications for women and minorities.

To combat invasions of intimate privacy, we first need to recognize intimate privacy as a moral and legal right. Everyone deserves intimate privacy to create a life of meaning, respect, and love and to feel that they belong as citizens. In making this a civil right, lawmakers would show their appreciation of intimate privacy’s significance for individuals, groups, and society.

In the United States, the recognition of a civil right has legal significance and moral resonance. Our civil rights tradition secures strong protections for crucial rights. Lawmakers can insist upon robust duties to protect intimate privacy and to remedy its violation. The recognition of a civil right to intimate privacy is urgent for women and minorities who suffer discrimination due to attitudes stigmatizing their bodies and intimate lives. Although modern civil rights laws are principally antidiscrimination laws, that should not be their sum total. A civil right to intimate privacy must combat invidious discrimination and secure basic entitlements for all.

Law professor Danielle Citron: ‘Privacy is essential to human flourishing’, an interview by Laurie Clark in The Guardian, and Professor Danielle Citron’s New Book Argues Intimate Privacy Is a Human Right on Univesity of Virgnia's site, are good companion reads.

The Fight for Privacy is available
from publisher W.W. Norton
or via Amazon

Privacy, Practice, and Performance

Ari Ezra Waldman on California Law Review (

Professor Waldman (author of the outstanding Industry Unbound: The Inside Story of Privacy, Data, and Corporate Power) argues that rather than being influenced by the EU's GDPR or a Californias CCPA, recent privacy laws are creations of industry. That's certainly the case for laws like Virgnia's, which was based on the Bad Washington Privacy Act, and is widely described as written by Amazon and Microsoft.  As Waldman says on Twitter, "The law has been endogenously created by industry practices that legitimize data extraction."

From the abstract

Privacy law is at a crossroads. In the last three years, U.S. policymakers have introduced more than fifty proposals for comprehensive privacy legislation, most of which look roughly the same: they all combine a series of individual rights with internal compliance. The conventional wisdom sees these proposals as groundbreaking progress in privacy law and explains their uniformity by looking to catalyzing precedent like the General Data Protection Regulation in Europe or the California Consumer Privacy Act.

This Article challenges that emerging consensus. Relying on contemporary sociological and critical studies scholarship, this Article analyzes recent privacy proposals in the United States through their social practices and argues that those practices are drawing boundaries that set the terms of privacy law from the ground up. In other words, privacy law’s practices are descriptively and normatively performative: they have socially constructed what we think privacy law is and should be. We have not only become accustomed to conceptualizing privacy law in certain ways; we have come to see a model of individual rights and internal procedural compliance as the normal, ordinary, commonsense modality of privacy law. So constructed, privacy law is flawed, with substantial negative effects for individuals, society, equality, and justice.

Waldman's 2021 How Big Tech Turns Privacy Laws Into Privacy Theater on Slate and A Provocative Critique of Privacy Law (an interview by Daniel Solove on Tech Privacy) are good introductions to his work.  

Industry Unbound is available
from publisher Cambridge University Press
or via Amazon

Post-Roe privacy

Automated License Plate Readers Threaten Abortion Access. Here’s How Policymakers Can Mitigate the Risk

Dave Maass on Electronic Frontier Foundation (

Automated license plate readers (ALPRs) are camera systems that capture license plate numbers and upload the information – including times, dates, locations – to databases.  If that sounds like mass surveillance to you ... you're right!  But as EFF points out

Now, in the wake of the U.S. Supreme Court's Dobbs ruling, that technology may soon be turned against people seeking abortions, the people who support them, and the workers who provide reproductive healthcare.

Youth Privacy

When School Superintendents Market Surveillance Cameras

Aaron Gordon on VICE Motherboard (

Michael Fox, a superintendent for a small New Jersey school district in Bergan County, sent dozens of sales pitches and coordinated closely with Verkada sales reps to hawk smart security cameras.  Another county employee, who works at the county's Office of the Inspector General and is also a a security consultant for third party resellers of security products, was also copied on the mails.  Bergen County employees are allowed to have outside employment as long as it does not conflict with county contracts or county activities – and Verkada sells through third-party resellers, so it's not technically a conflict.  

EFF Urges FTC to Address Security and Privacy Problems in Daycare and Early Education Apps

Jason Kelley on Electronic Frontier Foundation (

SAN FRANCISCO—The Federal Trade Commission must review the lack of privacy and security protections among daycare and early education apps, the Electronic Frontier Foundation (EFF) urged Wednesday in a letter to Chair Lina Khan. EFF Director of Engineering Alexis Hancock’s recent investigation found early education and daycare apps have several troubling security risks. Some allow public access to children’s photos via insecure cloud storage; many have dangerously weak password policies; at least one (Tadpoles for Parents) sends “event” data, including when the app is activated and deactivated, to Facebook; and several enable cleartext traffic that can be exploited by network eavesdroppers.

And ...

Meet the Military Contractor Running Fare Collection in New York Subways — and Around the World

Schuyler Mitchell on The Intercept (

Cubic Corporation does transit projects like New York City’s OMNY, but also cleans up on government surveillance and security contracts.

End-to-end encryption keeps us all safe

Mallory Knodel, Ryan Polk, and Sheetal Kumar on

Governments worldwide are attacking encryption, infringing on the right to privacy and undermining their stated aim of making the internet safer for all

Announcing New Board Leadership at Data & Society

on Data & Society (

Data & Society board unanimously appointed Dr. Charlton McIlwain as the new president of the board of directors. McIlwain has served on the board since February 2021. D&S founder danah boyd has stepped down as president and has decided not to renew her board term when it ends March 1, 2023.

How the Supreme Court could change the internet as we know it

David Ingram on NBC News (

The court is poised to hear as many as three cases this term about the legal protections that social media companies have used to become industry behemoths.

Whatever Happened to Those Self-Service Passport Kiosks at Airports?

on NYTimes (

More than 80 percent of all travelers entering the U.S. are now verified by facial recognition. The loss of older, seemingly more convenient methods has many perplexed. And then there are the privacy issues.

UK pauses data reform bill to rethink how to replace GDPR

Natasha Lomas on TechCrunch (

The UK government has paused a data reform bill while ministers take a fresh look at how to replace the EU GDPR.

on Brave Browser (

Recent versions of Brave on iOS include many new privacy features, ensuring that Brave iOS users have the strongest available protections of any iOS browser.

CPDP2023 Computers, Privacy and Data Protection conference • Call for Panels


CPDP is an annual three-day conference devoted to privacy and data protection. The 16th edition of CPDP will be held on 24-26 May 2023 in Brussels. This call for panels is aimed at academic consortia, research projects, think tanks and other research organisations.

Google pays $85m to settle location privacy lawsuit

Jessica Lyons Hardcastle on The Register (

Phrasing, Arizona... AG claims deal is ‘historic’

VB Staff on VentureBeat (

The most popular mobile apps all store basic user information, and 60% store information from private conversations.

W@Privacy Awards

Future of Privacy Forum (

Women@ Privacy Awards FPF is honored to host W@Privacy for its first edition of the W@Privacy Awards! As part of W@Privacy’s mission to enhance the visibility and empowerment of women privacy professionals, they’ll recognize and celebrate outstanding women in the privacy field from various categorie…

Demographic-Reliant Algorithmic Fairness: Characterizing the Risks of Demographic Data Collection in the Pursuit of Fairness

McKane Andrus on (

Most proposed algorithmic fairness techniques require access to data on a “sensitive attribute” or “protected category” (such as race, ethnicity, gender, or sexuality) in order to make performance comparisons and standardizations across groups, however this data is largely unavailable in practice, h…

Amazon’s Ring announces plan to use a robot for security patrols alongside new home security devices

Sarah Perez on TechCrunch (

Amazon unveiled a refresh of its Ring lineup including new cameras, alarms and more.

Ad industry practices come under fire as privacy lawsuits surge

Daniel Konstantinovic on Insider Intelligence (

Privacy standards are changing under advertisers’ feet: Lawsuits from private citizens and the federal government show that a digital advertising reckoning is under way.

Couple Who Rents Cars Brags About Tracking Customers on TikTok


Privacy activists are decrying a couple who use TikTok to show how they track people who rented their cars on the car-sharing app Turo.

Attorney general flags urgent privacy law changes after Optus data breach

Paul Karp on The Guardian (

Mark Dreyfus indicates potential reforms to laws regarding data breaches including higher penalties, mandatory precautions and customer notifications

Rohingya seek reparations from Facebook for role in massacre

BARBARA ORTUTAY on Associated Press (

With roosters crowing in the background as he speaks from the crowded refugee camp in Bangladesh that’s been his home since 2017, Maung Sawyeddollah, 21, describes what happened when violent hate speech and disinformation targeting the Rohingya minority in Myanmar began to spread on Facebook.

Privacy, security concerns prompt GAO to call for more telehealth oversight

Jessica Davis on SC Media (

A GAO audit of the Medicaid telehealth program found that more oversight is needed of how providers are communicating the privacy and security risks to patients.

Indonesia Data Protection Law Includes Potential Prison Time, Asset Seizure, Right to Compensation for Data Breaches

Scott Ikeda on CPO Magazine (

An Indonesia data protection law that has been in development since 2016 includes some of the harshest penalties yet seen in national data privacy regulations, along with a right to compensation for data breaches.

4 Ways to Protect Your Privacy While Playing Online Games

Kim Key on PCMag (

Gaming companies monitor all your in-game activities, which means they know more about you than you might want. Follow these tips to limit your online data sharing.

Image credit: News by Nick Youngson, licensed under CC BY-SA 3.0, via Pix4free